LastPass

I like security. I like technology. Time to put these two things to work.



LastPass is a great service. I say it's a service, because it's definitely more than just a program that saves you time and effort while also making you more secure. It uses The Cloud (use your best James Earl Jones voice). "But Tim," you may find yourself saying at this point, "why in the world would I trust my passwords in The Cloud?"

That's a good question. It's the kind of thing you need to consider before sending your information (especially login credentials) over the internet to a third party.

The Good:

Rest your mind, internet stranger. The passwords are encrypted locally before they ever make it to The Cloud. They use your LastPass password or phrase to encrypt them first - so make sure your LastPass password is a good one. After you establish that good password or passphrase, you're ready to use the app.

The application works as a plug-in for most of the major browsers out there. It will replace the crappy password manager that is built into the browser, and it will gladly grab all your credentials during install to secure them in the LastPass vault. You have the option to leave them in the browser, too, but why would you? Those things are sieves.

I'm not going to go into all of the LastPass options, but it can do lots of good things. It can generate a complex password for any new account you create, let you categorize your sites, perform auto logins, manage multiple accounts for the same sites, and even export your vault to a CSV file for backup. One of the neatest features is the ability to perform a security check on your passwords and accounts. It gives an overall rating along with a detailed report showing the sites that share passwords, the ones with simple passwords, and even the accounts that have been involved in known breaches.

Best thing? The basic app and service is free.

The Bad:

You have to get the premium service if you want it working on iOS devices. Even then, you don't get the integration that you get on the PC (even Linux). It's clunky and awkward. As a result, the new, more secure and complex passwords that you're now using are either too complicated to type in, take forever to input, or you have to wind up saving them in the iOS Safari (or 3rd party) browser and you wind up trusting them with your passwords while knowing that they are ultimately not particularly trustworthy. I have not tried the Android version, but it has gotten mixed reviews; most of the complaints centering on the user experience lacking.



The interface changes depending on the browser. Not dramatically, but enough to be annoying. 

Not all sites work with autofill or autologin. For some reason I had a problem getting Facebook to work. I always have to right-click, go through the menu options, and tell it to fill in. It's kind of annoying. Also, I've noticed that it will sometimes autologin even when autologin is not selected for the given site or entry. This is a pain whenever you want to log into a different account on a site, and the program just keeps logging the wrong account in - relentlessly.

If you lose your password, you're out of luck. As it is used as the basis for the decryption and encryption, it is vital that you never lose or forget this password. So, like a lot of security, it falls to finding a very easy to remember password that is very difficult to crack.

Summary:

Every program can improve, and this is one of them. But this has WAY more positives than negatives. The program is very easy to use most of the time, but it has enough customization to make a security professional happy about its implementation. As long as you don't rely heavily on mobile devices for most of your authenticated browsing, this is as good a program as you will find to manage passwords.

4.5/5

Comments

Popular posts from this blog

Elysian Dayglow IPA

The Purge (2013) Security System

I Spit on Your Grave 2 (2013)